Skip to content

Bump golang.org/x/image from 0.39.0 to 0.43.0#180

Merged
ncruces merged 1 commit into
masterfrom
dependabot/go_modules/golang.org/x/image-0.43.0
Jul 8, 2026
Merged

Bump golang.org/x/image from 0.39.0 to 0.43.0#180
ncruces merged 1 commit into
masterfrom
dependabot/go_modules/golang.org/x/image-0.43.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 19, 2026

Copy link
Copy Markdown
Contributor

Bumps golang.org/x/image from 0.39.0 to 0.43.0.

Commits
  • b5baf41 tiff: avoid overflow when reading IFD entries
  • e7513b5 tiff: limit the amount of data read in IFD entries
  • cb9f1a6 tiff: limit uncompressed data reads
  • 304d4cc tiff: reject tiles too much larger than the image
  • 7c04344 tiff: add buffer slice overflow checks for 32-bit systems
  • c5511df webp: require that VP8/VP8L dimensions match canvas dimensions
  • 38fd220 bmp: don't panic on too-large image, reject 0xN
  • f95dd26 font/sfnt: avoid panics from out-of-bounds access in invalid GPOS table
  • 1e486eb tiff: don't panic when decoding too-large image on 32-bit platforms
  • 3fd0b07 go.mod: update golang.org/x dependencies
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jun 19, 2026
Bumps [golang.org/x/image](https://github.com/golang/image) from 0.39.0 to 0.43.0.
- [Commits](golang/image@v0.39.0...v0.43.0)

---
updated-dependencies:
- dependency-name: golang.org/x/image
  dependency-version: 0.43.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/golang.org/x/image-0.43.0 branch from 8ea8199 to 4094cc7 Compare July 8, 2026 17:29
@ncruces ncruces merged commit 8ec357c into master Jul 8, 2026
4 checks passed
@dependabot dependabot Bot deleted the dependabot/go_modules/golang.org/x/image-0.43.0 branch July 8, 2026 17:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant